A Fox 5 investigation exposes a worldwide ATM scam that swindled $9 million and possibly jeopardized sensitive information from people around the world. Law enforcement sources told Fox 5 it’s one of the most frightening well-coordinated heists they’ve ever seen.
Photos from security video obtained by Fox 5 show of a small piece of a huge scam that took place all in one day in a matter of hours. According to the FBI , ATMs from 49 cities were hit — including Atlanta, Chicago, New York, Montreal, Moscow and Hong Kong.
“We’ve seen similar attempts to defraud a bank through ATM machines but not, not anywhere near the scale we have here,” FBI Agent Ross Rice told Fox 5.
These people in the photos are believed to be “cashers,” low-level players, in a scheme devised from some mastermind — a dangerous computer hacker or hacking ring authorities fear could strike again.
Here’s how it all came down, according to information Fox obtained from the FBI and law enforcement sources:
The computer system for a company called RBS WorldPay was hacked. One service of the company is the ability for employers to pay employees with the money going directly to a card, called payroll cards, a lot like a debit card that can be used in any ATM. The hacker was able to infiltrate the supposedly secure system and steal the information necessary to duplicate or clone people’s ATM cards.
“We’ve never seen one this well coordinated,” the FBI said.
Then shortly after midnight Eastern Time on November 8, the FBI believes that dozens of the so-called cashers were used in a coordinated attack of ATM machines around the world.
“Over 130 different ATM machines in 49 cities worldwide were accessed in a 30-minute period on November 8,” Agents Rice said. “So you can get an idea of the number of people involved in this and the scope of the operation.”
Here is the amazing part: With these cashers ready to do their dirty work around the world, the hacker somehow had the ability to lift those limits we all have on our ATM cards. For example, I’m only allowed to take out $500 a day, but the cashers were able to cash once, twice, three times over and over again. When it was all over, they only used 100 cards but they ripped off $9 million.
The RBS Web site says that card holders will not be responsible for any unauthorized transactions. But there is fear that the hackers might have had access to sensitive information used in identity theft for a potential 1.5 million customers — including their including Social Security numbers.
“The number of machines that were accessed, the number of cities that were targeted, and the number of people that had to be involved in this is quite significant,” Agent Rice said.
Investigators are hoping a break in the case may come from one of the cashers. The theory is they probably were recruited, paid a small fee to be solders in the scam, and might be likely to rat out the people who hired them.
There are millions of people out there these days with these payroll cards. RBS officials say they have sent out letters to anyone who might have been affected. They are also offering one-year credit protection for people whose Social Security number may have been jeopardized by this scam. However, the good news is that it doesn’t look like any identity theft has occurred yet.
So far, the FBI has no suspects and has made no arrests in this scam. An attorney in Atlanta has filed a class-action lawsuit against RBS WorldPay for allegedly failing to protect personal information.
RBS WorldPay told Fox 5 the company has hired a security firm to try to figure out what happened and to prevent it from happening again.
(Source: MyFoxNY)
Join the official YWN WhatsApp status
One Response
And where is this batch of stolen money going???
The business/finance internet is a new frontier. Also hiding malware in all kinds of computer environments. We must be careful to not underestimate the enemies of a civilized society.
I have read reputable reports that in past internet investigations into certain email finance scams they were linked to Nigeria and from there linked to Hamas and other middle eastern terrorist groups.
We personally use the internet in business and these groups have stumbled on our business email address. In the last two years we have received a steady stream of “phishing” emails pretending to be from over 150 different legitimate financial institutions, many of them appearing quite convincing. And that is not counting at least twice as many more of the airplane-crash-victim-with-no-relatives variety.
What I have noticed is that lately, approximately since the war heated up in Israel, the amount of this mail has tripled.
They seem pretty obviously phony to me, but if even a small percentage of people fall for this stuff, I guess it is worth it to them or they wouldn’t bother. Terrorism does cost money.
I have a countering idea. I don’t know how this would be paid for- but in terms of people needing new jobs- I personally think we need many more individuals trained and paid to monitor the intenet, trained in Arabic, Indian, Chinese, Russian, etc.languages and trained to be able to investigate sophisticated information technologies, including in these other languages. This is unfortunately a growing field.
Although more attention is now being given to these matters(thank you), I think the “bad guys” have a big head start, and the safety of our future requires us to catch up.
According to a recent PC World Magazine news item- the current largest computer in the world is a rogue computer run by unknown hackers; it is a cobbled together bot-network which is aggressively attached to thousands of unsuspecting private computers. According to a Business Week article- substandard and even possibly intentionally, maliciously rigged computer components, bought from over seas and installed in US Military planes, have caused crashes.
We can’t rely on the hackers’ “soldiers” to rat out some obviously powerful, smart bad guys.
This stuff frightens me.
And my thoughts go out to those whose money has been effected. In the long run you usually get your money straighten out, but for us, when we got our credit cards invaded and as a result our credit rating invaded, it was two months of phone calls, affidavits, endless explaining before we were (mostly) straightened out.